<?php
	/* * *
	 * This basic security module just stores in a cookie the username and the hash 
	 * of the password+ipaddress. This isn't a very safe authentication scheme, however: it's 
	 * advised to use another log-in manager, as this version has severe security 
	 * flaws.
	 */
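	// Start (or resume) the PHP session that backs the login state. The guard
	// avoids a notice when this file is included after a session is already
	// active.
	if (session_id() === '') {
		// Keep the session cookie out of reach of page scripts.
		// NOTE(review): also set session.cookie_secure once the site is known
		// to be served over HTTPS only.
		ini_set('session.cookie_httponly', '1');
		session_start();
	}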
	
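	/**
	 * Minimal session-backed login/registration plugin.
	 *
	 * After a successful login the PHP session holds the user's id and the
	 * unsalted MD5 hash of the password; secCheckAuth() re-validates that pair
	 * against the users table and caches the result on this object.
	 *
	 * NOTE(review): unsalted MD5 is not an acceptable password hash. Moving to
	 * password_hash()/password_verify() needs a schema and data migration, so
	 * it is flagged here rather than changed.
	 * NOTE(review): mysql_escape_string() ignores the connection charset and
	 * the mysql extension is gone in PHP 7; the db_* helpers should expose
	 * parameterized queries instead of string-built SQL.
	 */
	class nosec extends base_plugin {

		// True once the current request has been authenticated.
		private $logged = false;

		/** PHP 4-style constructor; intentionally empty. */
		public function nosec() {
		}

		/** Identifies this plugin as a security plugin. */
		public function getType() {
			return plug_types::sec;
		}

		/** Self-registration is always offered by this plugin. */
		public function secRegisterAllowed() {
			return true;
		}

		/**
		 * Reports whether the current session belongs to a known user.
		 *
		 * Looks up the (user id, password hash) pair stored in the session;
		 * a positive result is cached in $this->logged.
		 *
		 * @return bool true when authenticated, false otherwise
		 */
		public function secCheckAuth() {
			if ($this->logged) {
				return true;
			}
			if (!isset($_SESSION['user_id']) || !isset($_SESSION['phash'])) {
				return false;
			}

			db_connect("metas/dbconf.php");
			// Session data is server-side, but it is still escaped before it
			// is concatenated into the statement.
			$uid = mysql_escape_string($_SESSION['user_id']);
			$pass = mysql_escape_string($_SESSION['phash']);
			$query = "SELECT id FROM users WHERE id = '". $uid. "' AND passhash = '".$pass."'";
			$record = db_query_array($query);
			if (!$record) {
				return false;
			}

			$this->logged = true;
			return true;
		}

		/**
		 * Prints the login form.
		 *
		 * NOTE(review): the action URL is echoed unescaped and the form carries
		 * no anti-CSRF token; confirm getLoginURL() never contains
		 * request-derived data, or wrap it in htmlspecialchars().
		 */
		public function secPrintLoginModule() {
			?>
			<form method="post" action="<?php echo parent::tools()->getLoginURL(); ?>">
				<p><label for="uname">Username:</label><input type="text" id="uname" name="uname"/></p>
				<p><label for="pass">Password:</label><input type="password" id="pass" name="pass"/></p>
				<p class="submit"><input type="submit" value="OK"/></p>
			</form>
			<?php 
		}

		/**
		 * Validates the posted credentials and, on success, marks the session
		 * as logged in.
		 *
		 * @return bool true on success, false on any failure (the original
		 *              fell through and returned null for short usernames)
		 */
		public function secPerformLogin() {
			$uname = parent::tools()->getPost('uname');
			$pass = parent::tools()->getPost('pass');
			// Reject non-string input (e.g. array-valued POST fields) before
			// it reaches strlen()/md5().
			if (!is_string($uname) || !is_string($pass) || strlen($uname) <= 2) {
				return false;
			}

			db_connect("metas/dbconf.php");
			$uname = mysql_escape_string($uname);
			$phash = md5($pass); // hex digest, safe to embed; see class note on MD5

			$query = "SELECT id FROM users WHERE nick = '". $uname. "' AND passhash = '".$phash."'";
			$record = db_query_array($query);
			if (!$record) {
				return false;
			}

			// Issue a fresh session id on privilege change so a pre-login
			// session id cannot be reused afterwards (session fixation).
			if (!headers_sent()) {
				session_regenerate_id(true);
			}
			$_SESSION['user_id'] = $record['id'];
			$_SESSION['phash'] = $phash;

			$this->logged = true;
			return true;
		}

		/**
		 * Prints the registration form.
		 *
		 * NOTE(review): same unescaped-URL / missing-CSRF-token caveat as the
		 * login form.
		 */
		public function secPrintRegisterModule() {
			?>
			<form method="post" action="<?php echo parent::tools()->getRegisterURL(); ?>">
				<p><label for="uname">Username:</label><input type="text" id="uname" name="uname"/></p>
				<p><label for="pass">Password:</label><input type="password" id="pass" name="pass"/></p>
				<p><label for="scode">Authorization:</label><input type="password" id="scode" name="scode"/></p>
				<p class="submit"><input type="submit" value="OK"/></p>
			</form>
			<?php 
		}

		/**
		 * Creates a new user when the posted authorization code is correct and
		 * the nick is not taken yet.
		 *
		 * @return int 1 when the user was created, 0 otherwise
		 */
		public function secPerformRegister() {
			$scode = parent::tools()->getPost('scode');
			// Strict string comparison: the previous strcmp(...) == 0 test
			// also passed whenever strcmp() returned NULL on non-string input.
			// NOTE(review): the authorization code is a hard-coded shared
			// secret; move it to configuration and compare it in constant time.
			if (!is_string($scode) || $scode !== 'vitawrev') {
				echo "ko";
				return 0;
			}

			$uname = parent::tools()->getPost('uname');
			$pass = parent::tools()->getPost('pass');
			// Mirror the login rule (nick longer than two characters) so no
			// unusable account is created, and refuse an empty password.
			if (!is_string($uname) || !is_string($pass) || strlen($uname) <= 2 || $pass === '') {
				return 0;
			}

			$uname = mysql_escape_string($uname);
			db_connect("metas/dbconf.php");
			// The duplicate check must use the column the INSERT and the login
			// query use (nick); it previously queried "uname".
			$record = db_query_array("SELECT id FROM users WHERE nick = '".$uname."'");
			if ($record) {
				return 0;
			}

			db_query("INSERT INTO users (nick, passhash) VALUES ('$uname', '".md5($pass)."')");
			echo "ok<br/><br/>";
			return 1;
		}
	}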

	// Instantiate the plugin at include time. $plug is presumably read by the
	// code that includes this file -- confirm against the plugin loader.
	$plug = new nosec();
?>